
Security and Proprietary Software Leftovers

Submitted by Roy Schestowitz on Monday 17th of May 2021 05:56:37 AM. Filed under: Security

  • 2021-05 Russian IT Security Updates – allegedly Windows source code for sale [Ed: Lousy code from Microsoft -- code you might only wish to have for the back doors exposed by it. So one can engage in ransom against Windows users, including hospitals.]

    The developer of the Salaat First (Prayer Times) app, which reminds Muslims when to pray, recorded and sold detailed information about their location to a data broker without the users' knowledge, and the broker in turn sold the geodata to other clients.

    This was reported by the publication Motherboard.

    The app sends notifications reminding users when to pray, shows them which direction to pray in by pointing to Mecca, and displays nearby mosques for users based on their current location.

    The location data is collected by the French firm Predicio, which was previously linked to a data supply chain involving a U.S. government contractor that worked with U.S. Immigration and Customs Enforcement, U.S. Customs and Border Protection, and the FBI.

  • Firms Struggle to Secure Multicloud Misconfigurations

    Half of companies had at least one case of having all ports open to the public, while more than a third had an exposed database.

  • Cyber-crime: Irish health system targeted [sic] twice by [crackers]

    The Department of Health said it shut down its IT systems after a ransomware attack on Thursday.

    A similar attack on the Health Service Executive (HSE) on Friday caused "substantial" cancellations to outpatient services.

    The same cyber-crime group is believed to be behind both incidents, RTÉ has reported.

  • Ransomware Is Getting Ugly

    An industry group called the Institute for Security and Technology (no, I haven’t heard of it before, either) just released a comprehensive report on combating ransomware. It has a “comprehensive plan of action,” which isn’t much different from anything most of us can propose. Solving this is not easy. Ransomware is big business, made possible by insecure networks that allow criminals to gain access to networks in the first place, and cryptocurrencies that allow for payments that governments cannot interdict. Ransomware has become the most profitable cybercrime business model, and until we solve those two problems, that’s not going to change.

  • China removes 90 apps to check 'irregular collection of personal information'

    China's Ministry of Industry and Information Technology (MIIT) announced that the apps were being taken "offline" for an indefinite period. The affected apps include online ticket booking platform Damai, online travel booking app Tuniu, China's biggest LinkedIn rival Maimai, and Tianya, an online community for people to share views and ideas. However, users who already have the apps installed can continue to use them, reported South China Morning Post.

  • Cisco to acquire threat assessment platform Kenna Security

    Networking major Cisco has announced that it will acquire Kenna Security, makers of a risk-based vulnerability management platform, for an undisclosed sum.

    This is the third acquisition by Cisco this week. The company announced its intent to acquire Sedona Systems and Socio Labs earlier this week, but did not disclose financial details.

    Kenna is the first significant acquisition for Cisco's security business since its $2.35 billion purchase of Duo Security in 2018.

  • Adopting zero trust architecture can limit ransomware’s damage

    Zero trust is relatively straightforward: Organizations shouldn’t automatically trust anything trying to connect to their network or access their data. Instead, they should verify everything before granting access. Zero trust architecture does not need to be costly or complex to implement, as enterprises can implement zero trust with current technology and updated policies and standards. One way is to identify automated systems in the environment and to use allow lists to restrict access to those systems.

Vimix is an Open Source Tool That Helps With Graphical Mixing and Blending Live

There are several Linux tools available for digital artists. However, those are mostly for image manipulation or drawing. So, how can you blend and mix video clips or computer-generated graphics in real-time on Linux? This is mostly a use-case if you are presenting something live for a VJ session or concerts and conferences.

Software Freedom Leftovers

  • 5 things I learned while developing a billing system

    Figuring out these edge cases one-by-one wasn’t great. I wish someone had created a short guide of what I needed to know. So here it is! My guide. If you’re thinking of building (or even just using) a billing system – pay close attention.

  • JSDB Migrations

    I’m busy working on Basil, the Small Web host, and while it’s nowhere near ready to use yet, I thought I’d try my hand at writing a database migration as they will be necessary once other people start using it.

  • Artificial Intelligence safety: embracing checklists

    Unfortunately, human errors are bound to happen. Checklists allow one to verify that all the required actions are correctly done, and in the correct order. The military has it, the health care sector has it, professional diving has it, the aviation and space industries have it, software engineering has it. Why not artificial intelligence practitioners? In October 1935, the two pilots of the new Boeing warplane B-17 were killed in the crash of the aircraft. The crash was caused by an oversight of the pilots, who forgot to release a lock during the takeoff procedure. Since then, following the checklist during flight operations has been mandatory and has reduced the number of accidents. During the Apollo 13 mission of 1970, carefully written checklists mitigated the oxygen tank explosion accident. In healthcare, checklists are widespread too. For example, the World Health Organization released a checklist outlining the required steps before, during, and after a surgery. A meta-analysis suggested that using the checklist was associated with a reduction in mortality and complication rates. Because artificial intelligence is used for increasingly important matters, accidents can have important consequences. During a test, a chatbot suggested harmful behaviors to fake patients. The data scientists explained that the AI had no scientific or medical expertise. AI in law enforcement can also cause serious trouble. For example, a facial recognition software mistakenly identified a criminal, resulting in the arrest of an innocent person, and an algorithm used to determine the likelihood of crime recidivism was judged unfair towards black defendants. AI is also used in healthcare, where a simulation of the Covid-19 outbreak in the United Kingdom shaped policy and led to a nation-wide lockdown. However, the AI simulation was badly programmed, causing serious issues. Root cause analysis determined that the simulation was not deterministic and badly tested. The lack of a checklist could have played a role.

  • Dav1d 0.9 Released With AVX2-Tuned 10b/12b Decode For Big Speed Boost - Phoronix

    The hand-written AVX2-tuned Assembly code was sponsored by Facebook and Netflix to provide significantly better performance for decoding 10-bit and 12-bit AV1 content on modern Intel/AMD processors. AArch64 already enjoyed hand-tuned Assembly for the high bit depth decoding while now thanks to the support of two Internet giants there is this faster 10b/12b decode for AVX2 capable processors, which amounts to Intel Haswell and newer or AMD Excavator and newer.

  • FTC Affirms Right to Repair is Right for Consumers

    In a comprehensive rebuke of opposition arguments to Right to Repair, the Federal Trade Commission (FTC) found “scant” evidence that repair should be restricted. The FTC studied the evidence and found next to nothing, except a single report of a battery fire in 2011 in Australia. One cell phone fire among billions over a ten-year period is indeed “scant.” Repair.org members were asked to testify, and we can all attest to the thoroughness of the process. It is pure joy to see that our words were heard and that our arguments were persuasive. After 19 months of silence we had no expectations of anything positive. The most exciting result of this report is the clear endorsement of state right to repair legislation as a suitable path forward. The path to passage in multiple states now appears wide open. The next few months will be very telling. OEM arguments against Right to Repair have been obliterated. If OEMs do not change their policies voluntarily, it appears the FTC is prepared to push forward using its existing authority. It may even engage in a formal rulemaking. At the same time, legislation that has been moving slowly in state legislatures has been invigorated. Had this report been available in January, several states with short sessions might have already passed “Right to Repair” laws by now.

Video and Audio Shows: Nheko Reborn, Nextcloud, Josh Bressers on Security, and Going Linux on Password Managers for Linux

Linux 5.13-rc2

So a week has passed, and rc2 is tagged and pushed out.

Things look pretty normal: rc2 tends to be fairly quiet as people
start finding issues, and while 5.13 looks to be a pretty big release
over-all, the changes in rc2 are if anything slightly smaller than
average.  But it's well within the noise.

The fixes here are all over the place - drivers, arch updates,
documentation, tooling.. Nothing particularly stands out, although a
fix for some VGA text-mode font size issues is funny (as in "strange",
not "ha-ha funny") just because so few people presumably use the
extended SVGA text modes any more. That's not recent breakage either.

The appended shortlog shows the details.

                 Linus
Also: Linux 5.13-rc2 Released With A VGA Text Mode Fix

